Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.
Fact
Novell GroupWise 6.5
Symptom
Cross-site scripting vulnerability in Webaccess.
CAN-2005-2276
An outside security researcher reported a cross-site scripting vulnerability in GroupWise Webaccess. In certain circumstances, it was possible for a specifically-crafted malicious email to execute javascript code within the user's browser.
Fix
This has been fixed in any build of GroupWise 6.5 webaccess dated after July 11, 2005. This fix will also be included in GroupWise 6.5 SP5.
Field test files for GroupWise 6.5 are available here: https://support.novell.com/filefinder/16963/beta.html
Note
Novell acknowledges Francisco Amato for discovering this vulnerability and working with Novell to get it fixed.